Trojan

Trojan.Win32.Scar.qmel information

Malware Removal

Trojan.Win32.Scar.qmel is the Kaspersky name for this sample; most of the engines listed below flag it as malicious, and several classify it as a Pony/Fareit credential stealer wrapped in a Visual Basic crypter. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What Trojan.Win32.Scar.qmel virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Traditional)
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Trojan.Win32.Scar.qmel?

The indicators below come from a CAPEv2 sandbox run. The cryptographic hashes (md5, sha1, sha256, sha512, sha3_384) identify this exact file, so compare them against a suspect file to confirm it is the same sample; ssdeep and tlsh are similarity hashes and can also match repacked variants. The entry-point bytes (push imm32; call rel32) are the standard Visual Basic 6 entry stub, which agrees with the VBKrypt/VbProtect names several engines use, and the 1980 compile timestamp is not a plausible build date.

File Info:

name: 2D393E8B1DB0299BEE31.mlw
path: /opt/CAPEv2/storage/binaries/75da18653d2e024f5ef029022caeff7aa64e8d6e48d3ae5fcd5891db7574936d
crc32: 260D9E42
md5: 2d393e8b1db0299bee3181a226d58805
sha1: fd0d96f6846dee80b68acb36ff7d87512efe0616
sha256: 75da18653d2e024f5ef029022caeff7aa64e8d6e48d3ae5fcd5891db7574936d
sha512: 0ac1bb2ac7a9f8e793c72940534e73d82dae48e9d99ad20d47e174f7b9b6c4a307b7d36640a5457a4f61dd42f3c4920617380f68245e3ca6fbb72f924c8e912a
ssdeep: 12288:yoGxAv1Jc6n4oMvXb8rBvMMMnMMMMMMMMMMd2bMMMnMMMMMMMMMM4Bw:yoGxAbLntFMMMnMMMMMMMMMM+MMMnMMX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16BE4DF80B195DDAAECF99D724F0AD13224526D79D2D1051F3C823DDE78B0FA32926A37
sha3_384: 026600814d2e250cbfdf243a7aeedf512354397e3fafe6eb5ee90a5237b31d78c78155e9c5240fef5ba31f250f0ec8e6
ep_bytes: 68c8634700e8eeffffff000000000000
timestamp: 1980-01-11 07:56:05
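The following triage script is an added example and is not part of the original page or of any vendor tool. It computes the same digest set the File Info block lists, matches them against the hashes transcribed from this page, and reads the COFF TimeDateStamp out of the PE header to flag an implausible build date like the one above. The minimal MZ/PE stub it builds for offline testing is constructed here, and the 1993 cut-off year for "implausible" is an assumed heuristic, not a figure from the page.

```python
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators transcribed from the File Info section of this page.
KNOWN_IOCS = {
    "md5": "2d393e8b1db0299bee3181a226d58805",
    "sha1": "fd0d96f6846dee80b68acb36ff7d87512efe0616",
    "sha256": "75da18653d2e024f5ef029022caeff7aa64e8d6e48d3ae5fcd5891db7574936d",
}


def file_hashes(data: bytes) -> dict:
    """Compute the digest set the page lists: crc32, md5, sha1, sha256, sha512, sha3_384."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_ioc(data: bytes, iocs: dict = KNOWN_IOCS) -> list:
    """Return the names of every hash in `iocs` that matches `data` (case-insensitive)."""
    computed = file_hashes(data)
    return [name for name, value in iocs.items()
            if computed.get(name, "").lower() == value.lower()]


def pe_timestamp(data: bytes):
    """Return the COFF TimeDateStamp as a UTC datetime, or None if `data` is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def timestamp_is_anomalous(data: bytes, earliest_year: int = 1993) -> bool:
    """Heuristic (assumption): a build date before Win32 PE existed means the
    header field was zeroed or tampered with, as with the 1980 stamp on this sample."""
    ts = pe_timestamp(data)
    return ts is not None and ts.year < earliest_year


def triage(data: bytes) -> dict:
    """One-call summary a responder can log: hashes, IOC hits, and the timestamp check."""
    ts = pe_timestamp(data)
    return {
        "hashes": file_hashes(data),
        "ioc_matches": matches_ioc(data),
        "timestamp": ts.isoformat() if ts else None,
        "timestamp_anomalous": timestamp_is_anomalous(data),
    }


def build_fake_pe(timestamp: int) -> bytes:
    """Constructed minimal MZ/PE stub (no sections, no optional header) so the
    example runs offline; it is not the sample from the page."""
    dos_header = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos_header, 0x3C, 0x40)          # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 1, timestamp, 0, 0, 0, 0x0102)
    return bytes(dos_header) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Usage: python triage.py <suspect.exe>; without an argument, run on the constructed stub.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(316425365)
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A hit in `ioc_matches` means the file on disk is byte-identical to the sample analyzed here; a miss does not clear it, since a crypter like the one these engines name produces a fresh hash per build, which is what the ssdeep and tlsh values are for.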

Version Info:

Translation: 0x0404 0x04b0
CompanyName: Tamsung
FileDescription: Spartacism
ProductName: Blanderens6
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Forhudsforsnvringens
OriginalFilename: Forhudsforsnvringens.exe

Trojan.Win32.Scar.qmel also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.PonyStealer.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PonyStealer.Om0@o84Bnycb
FireEye: Generic.mg.2d393e8b1db0299b
McAfee: GenericRXAA-AA!2D393E8B1DB0
Cylance: Unsafe
K7AntiVirus: Trojan ( 004f94291 )
Alibaba: Trojan:Win32/Injector.fc9e03c7
K7GW: Trojan ( 004f94291 )
Cybereason: malicious.b1db02
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.DFHU
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.VbProtect-6261556-0
Kaspersky: Trojan.Win32.Scar.qmel
BitDefender: Gen:Heur.PonyStealer.Om0@o84Bnycb
NANO-Antivirus: Trojan.Win32.AD.egsdiw
Avast: Win32:DropperX-gen [Drp]
Tencent: Malware.Win32.Gencirc.11da41a5
Ad-Aware: Gen:Heur.PonyStealer.Om0@o84Bnycb
Emsisoft: Gen:Heur.PonyStealer.Om0@o84Bnycb (B)
DrWeb: Trojan.PWS.Panda.2401
TrendMicro: TROJ_VBKRYPT.SMSM
McAfee-GW-Edition: BehavesLike.Win32.Fareit.jm
Sophos: Mal/Generic-R + Mal/FareitVB-G
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.PonyStealer.Om0@o84Bnycb
Jiangmin: Trojan.Scar.tsg
Avira: HEUR/AGEN.1130099
Antiy-AVL: Trojan/Generic.ASMalwS.1BC6939
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Win-Trojan/VBKrypt.RP.X1764
VBA32: TScope.Trojan.VB
ALYac: Gen:Heur.PonyStealer.Om0@o84Bnycb
MAX: malware (ai score=84)
Malwarebytes: Malware.AI.4239083815
TrendMicro-HouseCall: TROJ_VBKRYPT.SMSM
Yandex: Trojan.GenAsa!ya20owI9EGs
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.DFHU!tr
BitDefenderTheta: Gen:NN.ZevbaF.34062.Om0@a84Bnycb
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Scar.qmel?

Trojan.Win32.Scar.qmel removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart your computer. Because this sample installs itself for autorun at Windows startup, re-run the scan after the reboot to confirm nothing was re-created.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.